The following is from flyingpenguin the poetry of information security http://www.flyingpenguin.com/?p=11532 iPhone keeps a database of all your movements I recently wrote about a German politician who successfully fought to get location data from his mobile provider . A commenter said mobile devices have to be in constant contact with the provider, so there is bound to be location data. Fair enough, but my hope was to focus on why data is stored and why users are not made aware so they can opt-in or out. Perhaps the following example will be more clear, as it removes the network and service-model entirely. Last year it was publicly disclosed that the Apple iPhone keeps a record of movement in a local database . iPhoneTracker is an application that can read the database of locations stored on your iPhone as well as the backups made with iTunes. You should see something like this: -rw-r–r– 00000000 00000000 28082176 1297319654 1297319654 1282888290 (4096c9ec676f2847dc283405900e284a7c815836)RootDomain::Library/Caches/locationd/consolidated.db That text in brackets just before 'RootDomain::' is the name of the actual file on disk that holds the location data. Since it's an SQLite database file, you can use any standard SQLite browser, I'm using this Firefox plugin: https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/ Open up the file, choose the 'CellLocation' table, and you can browse the tens of thousands of points that it has collected. The most interesting data is the latitude, longitude location and the timestamp. The timestamp shows the time in seconds since January 1st 2001. Apple is not a provider, and there is no (yet) known use of this information. Yet their mobile devices by default store a detailed database of your locations. They even back it up, so you can monitor any Apple iPhone user's movements just by reviewing their iTunes sync data. Why is Apple collecting this information? It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it's transferred across devices when you restore or migrate is evidence the data-gathering isn't accidental. [...] By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements. I guess the advantage over the German politician is that you don't have to sue Apple to see your data. The disadvantage is that the privacy laws directed at providers do not apply. You have been tracking yourself, but just didn't know it. Apple conveniently left it in plain-text format for anyone (e.g. a provider) to read and sell. Some of it might be askew because it is using tower triangulation instead of GPS but I would wager they could easily upgrade the accuracy. I recommend anyone with an iPhone (or iPad) download the application and create their own "What six months of your life looks like to Apple" web page. Even more fun could be to write an application that pollutes the database with exotic location data to show an iPhone going on virtual vacations. Updated to add: Apple's name for the location tracking file is "consolidated.db", the same name as a radical anti-fascist industrial band from the late 1980s. Hat tip to Jeremy Allaire for mentioning them to me. Ha, how far Apple has come since then, when we used to consider ourselves so alternative and secure on a Mac. I'm sure it's total coincidence; that and the fact that disposableheroesofhiphoprisy.db was far too obvious. Posted in Security . By Davi Ottenheimer – 2011-04-20T19:59 April 20, 2011 To subscribe or to leave the list, or to set other subscription options, go to www.freelists.org/list/real-eyes